Re: [PATCH v2] libselinux/utils: introduce getpolicyload

James Carter <jwcart2@xxxxxxxxx> · Fri, 28 Jul 2023 14:11:45 -0400



On Fri, Jul 14, 2023 at 2:56 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Introduce a helper binary to print the number of policy reloads on the
> running system.
> Print only a single number to ease the usage by scripts.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
> v2:
>   - use main() prototype with arguments
>   - use argv[0] instead of hard coding program name
>   - fix indentation and spacing issues
>   - add binary to .gitignore file
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
>  libselinux/utils/.gitignore      |  1 +
>  libselinux/utils/getpolicyload.c | 30 ++++++++++++++++++++++++++++++
>  2 files changed, 31 insertions(+)
>  create mode 100644 libselinux/utils/getpolicyload.c
>
> diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore
> index b19b94a8..b3311360 100644
> --- a/libselinux/utils/.gitignore
> +++ b/libselinux/utils/.gitignore
> @@ -10,6 +10,7 @@ getenforce
>  getfilecon
>  getpidcon
>  getpidprevcon
> +getpolicyload
>  getsebool
>  getseuser
>  matchpathcon
> diff --git a/libselinux/utils/getpolicyload.c b/libselinux/utils/getpolicyload.c
> new file mode 100644
> index 00000000..ce06bb78
> --- /dev/null
> +++ b/libselinux/utils/getpolicyload.c
> @@ -0,0 +1,30 @@
> +#include <stdio.h>
> +#include <stdlib.h>
> +
> +#include <selinux/avc.h>
> +
> +
> +int main(int argc __attribute__ ((unused)),
> +         char* argv[] __attribute__ ((unused))) {
> +       int rc;
> +
> +       /*
> +       * Do not use netlink as fallback, since selinux_status_policyload(3)
> +       * works only after a first message has been received.
> +       */
> +       rc = selinux_status_open(/*fallback=*/0);
> +       if (rc < 0) {
> +               fprintf(stderr, "%s:  failed to open SELinux status map:  %m\n", argv[0]);
> +               return EXIT_FAILURE;
> +       }
> +
> +       rc = selinux_status_policyload();
> +       if (rc < 0)
> +               fprintf(stderr, "%s:  failed to read policyload from SELinux status page:  %m\n", argv[0]);
> +       else
> +               printf("%d\n", rc);
> +
> +       selinux_status_close();
> +
> +       return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS;
> +}
> --
> 2.40.1
>